Solved

Active Directory (Netdiag) failed test KnowsOfRoleHolders

Posted on 2007-04-03
5
4,943 Views
Last Modified: 2008-06-21
I have a Windows 2003 network, with a mix of windows 2000 and windows 2003 DCs, one domain, each dept had their own local DC, all servers have the latest service packs installed.

Recently I added tree new DCs, when I run the netdiags on each server, I get this report back:

****************************************************************************************************

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Connectivity
         ......................... S-WATER-KP passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Replications
         ......................... S-WATER-KP passed test Replications
      Starting test: NCSecDesc
         ......................... S-WATER-KP passed test NCSecDesc
      Starting test: NetLogons
         ......................... S-WATER-KP passed test NetLogons
      Starting test: Advertising
         ......................... S-WATER-KP passed test Advertising
      Starting test: KnowsOfRoleHolders
         [TOSMAINBAC] DsBind() failed with error 1722,
         The RPC server is unavailable..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to DS RPC Bind.
         [TOSMAINBAC] LDAP connection failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... S-WATER-KP failed test KnowsOfRoleHolders
      Starting test: RidManager
         [S-WATER-KP] DsBindWithCred() failed with error 1722. The RPC server is unavailable.
         ......................... S-WATER-KP failed test RidManager
      Starting test: MachineAccount
         ......................... S-WATER-KP passed test MachineAccount
      Starting test: Services
         ......................... S-WATER-KP passed test Services
      Starting test: ObjectsReplicated
         ......................... S-WATER-KP passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... S-WATER-KP passed test frssysvol
      Starting test: kccevent
         ......................... S-WATER-KP passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001F60
            Time Generated: 04/03/2007   12:25:00
            Event String: The browser service has failed to retrieve the

         ......................... S-WATER-KP failed test systemlog
   
   Running enterprise tests on : TOSMAIN.local
      Starting test: Intersite
         ......................... TOSMAIN.local passed test Intersite
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... TOSMAIN.local passed test FsmoCheck

*************************************************************************************************

The other DCs on the network come back clean. The TOSMAINBAC server failed with the blue screen of death, I have since replaced this DC, alll other DCs recognize the new DC, except for these 3 DCs. I was unable to demote this failed DC

I would usually just seize the roles, but I am concerned because that all the other DCs see the correct server who now holds the roles.

Secondly, this TOSMAINBAC is still listed in the AD, it will not all me to remove.
0
Comment
Question by:AccessYourBiz_Com
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 18845277
Make sure that all DCs have the correct DNS server IPs selected in their TCP/IP Properties.

Back up the System State on all DCs before changing anything.

Seize all the FSMO roles.
http://support.microsoft.com/kb/255504

Assuming you have a single-domain forest, make all your DCs Global Catalog servers.
http://support.microsoft.com/kb/313994

Manually remove TOSMAINBAC from Active Directory using NTDSUTIL.
http://support.microsoft.com/kb/216498

Remove TOSMAINBAC from Active Directory Sites and Services if it still appears there.
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18845504
Just wanted to double check, all other DCs know the correct role holder, just these three do not, should I go ahead seizing the roles on these DCs?
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18846050
When I run, ntsdutil on the problem server, the select roles, then connections, when I enter the comand "connect to server [servername]", I receive an error message

Binding to [servername]
DSBindW error 0x57(the parameter is incorrect)

if I run the same command (connect to server [servername] on any other controller in the domain, (except the 3 problem servers) the connection is successful.

Thanks
Steve
 
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 18846068
You may want to run DCDIAG and REPADMIN first to make sure these DCs are replicating correctly.  A replication problem could account for the disparity in FSMO listings.
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18846373
Thanks for your reply, in this case I know they are not replicating correctly, the errors I listed earlier are from the dcdiag program. When using the ntdsutil to connect to the PDC, I tried both the IP and the DNS name with no success.

Thanks
Steve
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now